GDPR and Privacy Policy

Last revised on June 01, 2024, effective as of March 22, 2020


CPAP store GP (now referred to as the “” or the “Company” or the “CPAPmask”) never sells personal data and carries out all processing operations in strict compliance with GDPR & European privacy laws. You are always in control of Your personal information. values Your Privacy and strives for its services to be safe and enjoyable for everyone. This Policy sets out and explains how collects and processes personal data, the purposes for processing, and how We protect it. is committed to the Internet and its Users. This is why one of its major commitments is to provide the most secure and confidential service possible, ensuring the privacy of Users’ communications and personal data. This aims to make our Privacy Policy clear and easy to understand. If you have any questions, please get in touch with us at support(at)


The database generated from the Company website and services belongs to CPAP STORE GP, with company registration number 801790670 and headquartered at 105 Sokratous, Kallithea 17672, Greece. CPAP STORE GP guarantees the fulfillment of the data protection conventions in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. As soon as a User has registered with the Company, their personal data, addresses, and means of payment (only the payment method) are incorporated into the Company database so they may enjoy the services and products of the Company. The aim is to provide the User with access to and use of the Company and its products, to allow the Company to draw up statistics on the services used and requested by the User, and to send out requested service updates.

At any time, Users may exercise their rights of access, rectification, cancellation, and opposition to the processing of personal data by sending an email to support(at) or by writing a letter to the above-stated CPAP store GP address.

Information We Collect

  • Personal identification data: full name, address, phone number, email address, and any other notes that may be applied.
  • Financial data: VAT number, if applicable, and method of payment.
  • Device-specific data: IP address, device type, and version.
  • Log data: referring URL and domain, pages visited, geographic location, preferred language used to display the webpage, and date and time when website pages were accessed.
  • All other information associated with the order and our services.
  • Fulfilling obligations to the National Revenue Agency, the Ministry of Internal Affairs, and other state and municipal bodies.
  • Tax Office and the Accountants.
  • Some personal data can be collected (checkout page) before the User has confirmed the order or completed the payment.

How We Use the data

  • We use all the provided data to fulfill the order.
  • Promotional information and order notifications via email, Viber, WhatsApp, phone calls, SMS, and social media.
  • Other means of communication for support and everything else related to the services and products we provide.
  • We store your personal data in our ERP Software to have historical traceability of the ordered products per European regulations MDR/745 for Medical Products.

Duration of storage of your Personal Data

  • stores your personal data for a period not longer than the existence of the profile in the e-shop or at requested withdrawal.
  • The personal data in our ERP software remains for 10 years for the purposes of the EU MDR/745, and the Company will delete inactive accounts.  

Transfer of your Personal Data

  • The Company may, at its own discretion, transfer all or part of your personal data for the fulfillment of the processing purposes to which you have agreed, subject to compliance with the requirements of Regulation (EU) 2016/679 (GDPR).
  • We automatically transfer to for email notifications and promotional notifications. 
  • To and for the shipment and voucher generation with the associated courier (UPS-DHL).
  • To Courier Companies UPS, DHL, Geniki courier, ACS courier, Elta post.

Security and Data Centre Location

The CPAPmask primary data and servers are hosted at FastComet Inc., on a dedicated server in Germany (EU).

The Company has implemented various measures to ensure that Your information is protected against unauthorized access, use, disclosure, and destruction. Please remember that risk can never be eliminated. Still, it can be significantly mitigated, and the measures the Company has taken significantly reduce it. The Company shall not be held liable by any Third Party, including You, in any event of unauthorized access, use, and/or disclosure of information, provided that such is not due to Gross Negligence, wilful misconduct, fraud, or bad faith by the Company.

Security measures adopted by the Company include:

  • Access to the information stored within servers is restricted to a limited number of employees (only Managers of the Company) and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality.
  • servers are protected by (1) firewalls establishing a barrier between Our trusted, secure internal network and the Internet and (2) IP restrictions, limiting access to whitelisted IP addresses.
  • Each User may only access information pertaining to its account.
  • We use SSL for, providing secure data transfer to prevent wiretapping and man-in-the-middle attacks. reviews its information collection and processing practices periodically and will review and amend this Privacy Policy accordingly.

Access and Disclosure 

The Company does not rent or sell your Personal Information, but we do disclose Your information to a limited set of trusted Third Parties in the situations explained below, for which You, by using Our Services or Company, hereby explicitly consent.

  • We will disclose Your personal information where We are bound to do so, at Law or via a court order as well as to meet any legal or regulatory requirement or obligations. We will use all reasonable efforts to ensure that those requirements or obligations are in accordance with Applicable Law.
  • We reserve the right to disclose Your information to any Third Party if We have reasonable information to believe that the disclosure is necessary for the purpose of an investigation and/or for the enforcement of any breaches of the Terms of Service (if applicable), to detect, prevent or otherwise address fraud, security, technical issues or other irregularities or illegalities, protect the rights and interests as well as the property of Company.
  • CPAPmask also works with Third-Party providers and other business partners, which provide important functions that allow us to offer You a better service. We need to disclose user data to them from time to time so that the services can be performed.
  • We only share information with the Third Party that is required for the service they offer. We contractually bind these providers to keep any data We share with them confidential and to be used only for particular purposes. For example, amongst others, we have providers that process Our credit card transactions, support Our internal support system, and manage Our marketing communications. By using or CPAPmask, you explicitly consent to and authorize us to sub-contract in this manner.
  • We may revise this Privacy Policy from time to time. The most current version of the Policy, found at, will govern Our use of Your information collected and processed from CPAPmask.
  • We will provide You with advance notice of the modifications via email to the email address associated with Your account. You hereby agree that this shall constitute adequate notice in this regard. All changes to this Privacy Policy automatically take effect the sooner of the day You use the Site and/or Services after they are initially posted on the Site. Your use of the Site and/or Services following the effective date of any modifications to this Agreement will constitute Your acceptance of the Agreement, as modified.
  • For more information regarding cookies, “click here.”
  • How to delete cookies: “click here.”
  • For more information about our cookie policy, “click here.”

Third-Party Companies and What We Share with Them Individually

Please visit and read about the privacy policy relating to the 3rd party services we use.

  • Facebook
  • Twitter
  • Instagram
  • Google
  • YouTube
  • LinkedIn
  • Mailchimp
  • Aftersalespro
  • Aftership

Accounting Office

All our transactions are invoiced to the User, and for each sale, we share the needed data with our TAX office for accounting purposes.

CPAP Store Ltd

CPAP Store Ltd, located at 9 Tsar Boris III, Petrich, Bulgaria, is our second branch. We utilize this company as our supplier for products and as our logistics warehouse.

To expedite order processing, we may transfer some order requests to this contracted business for fulfillment. This helps ensure timely delivery of orders generated by

In compliance with GDPR, we ensure that all personal data handled by CPAP Store Ltd is processed according to the highest standards of privacy and security. Our data protection policies are designed to safeguard your information, and we have implemented stringent measures to ensure compliance with all relevant data protection laws.

Google Analytics and AdWords Services

What are Google AdWords and Google Analytics? Google Ads is a product that you can use to promote your business, help sell products or services, raise awareness, and increase traffic to your website. Google Analytics is a platform that collects data from the company website and creates reports that provide insights into your business. The same goes for Google Fonts, which our websites use for proper font structure.

We use Google AdWords with minimum data storage, meaning user data is kept for 14 months. We use GA (Google Analytics) to track the number of unique and returning visitors and website activity. GA does use cookies, and they save IP numbers. The same goes for Google Fonts. You can read more about GA and GDPR here.

Microsoft Analytics and AdWords Services

Microsoft Advertising is an internet marketing service that lets brands advertise their products, services, websites, and stores in search results on the Bing platform. Microsoft Advertising will collect data that allows you to track conversion goals and target audiences with remarketing lists. Universal Event Tracking (UET) is a tool that records visitors’ (unique and returning) activity on the website.

What is MailChimp or We use a mailing system to send emails, order updates, news, and promotional information to our subscribers and shoppers. Also, we use the MailChimp platform as a reminder for users to act accordingly regarding the purchase or interest. Lastly, we have an integration that allows MailChimp to send notifications of abandoned carts.

  • What we share with MailChimp: IP address, geolocation, email, first and last name, products, and details.
  • How to unsubscribe: Press “unsubscribe” at the bottom of the email, or send us an email to support(at), and we will do the rest for you.
  • The abandoned cart notification is triggered when you enter your email on our checkout page.
  • You can read more about MailChimp and GDPR here and

What are and It is an order-tracking and voucher-generator platform. The tracking numbers of order shipments are added automatically. It also serves as an order notification panel, so the customer can be notified of the location of his/her order via email or even by mobile text message.

  • What we share: first name, last name, order ID, email, phone number, address of origin, address of destination, IP address.
  • Delete the data above: send us an email to support(at), and we will delete all your data from the or

Order Deliveries UPS, DHL courier or regular Post

What is UPS, DHL courier, and the Regular Post: UPS and DHL are global leaders as courier companies. We use UPS or DHL as our primary shipment company or regular Post.

  • What we share: first and last names, addresses, email, phone numbers, and a description of the ordered products.
  • How to delete the data: we use all the data above to make a safe delivery possible.

Contact Forms

All contact forms from cpapmask go directly to our email address. No information except for what you provide is being sent or registered. All emails we receive are deleted after being answered and resolved, and no information is kept. 

What does “resolved” mean? It means we have answered your question and consider your initial question answered and resolved.

Payments Gateways

To ensure the safety of very sensitive data, we use the best-known payment gateways, such as,, We do not handle or manage any payment details, nor do we keep any payment details on file/record. When an order is processed and payment is successful, the customer will be redirected back to our “Thank You” page.

  • PayPal requires an account and a linked card in order to proceed with the purchase with PayPal. All the data is stored on PayPal servers and not on ours.
  • &
  • Mollie and Stripe are two of the most trusted companies in Europe. They also fully comply with the GDPR and are based in the Netherlands. They offer a variety of electronic payment methods.

Governing Law and Dispute Resolution

This Privacy Policy forms an integral part of Our Terms of Service. The Governing Law and Dispute Resolution mechanism found in Our Terms of Service shall also apply to Our Privacy Policy.

Further Information

If you have any questions about our Privacy Policy or our Privacy practices, Contact Us.